iml-certman

Hahn Axel (hahn) authored 32a095a7

    iml-certman

    Wrapper for acme.sh to create Let's Encrypt certificates based on CSR files using DNS authentication

    source: https://git-repo.iml.unibe.ch/open-source/iml-certman

    Installation

    • Install acme.sh client: https://github.com/acmesh-official/acme.sh
    • Clone or extract files of iml-certman
    • Copy the *dist files to files without the ".dist" extension and edit the copies:
      • inc_config.sh
        • set credentials for the DNS API
        • set path to acme.sh script
        • optional: set custom target for generated certificates
        • optional: for testing, enable the Let's Encrypt stage server to avoid running into weekly limits during tests
      • templates/csr.txt
        • set location, company and department

    Usage

    
    ./cm.sh 
    _______________________________________________________________________________
    
    
                    - - - ---===>>> CERT MANAGER <<<===--- - - -
    
    _______________________________________________________________________________
    
    DEBUG: Using LE STAGE environment ...
    DEBUG: You can test and mess around. Do not use certs in production.
    
    
    HELP
    
    The basic syntax is
    cm.sh ACTION [FQDN] [ALIAS_1 [.. ALIAS_N]]
    
    The ACTIONs for SINGLE certificate handlings are:
    
            add FQDN [.. FQDN-N] 
                    create new certificate
                    The first FQDN is a hostname to generate the certificate for. 
                    Following multiple hostnames will be used as DNS aliases in the 
                    same certificate.
                    It updates files in ./certs
    
            add-or-renew FQDN [.. FQDN-N] 
                    This param is for automation tools like Ansible or Puppet.
                    It checks if the certificate for first (*) FQDN exists.
                    If not: add a new cert (see "add").
                    If so: call renew action (see "renew")
    
                    (*) it doesn't verify the DNS aliases
    
            delete FQDN
                    delete all files of a given certificate
    
            renew FQDN
                    renew (an already added) certificate
                    and update files in ./certs
    
            show FQDN
                    show place of csr + certificate data and show certificate
    
    ACTIONs for ALL certs
    
            list
                    list all certificates including creation and renew date
    
            renew-all
                    renew all certificates (fast mode - without --force)
                    and update files in ./certs
    
    
    DEBUG: Using LE STAGE environment ...
    DEBUG: You can test and mess around. Do not use certs in production.
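
The help text notes that add-or-renew only checks whether a certificate for the first FQDN exists and does not verify the DNS aliases. The following pre-check is an added example, not part of iml-certman: it compares the subjectAltName entries of an existing certificate with the names you are about to request. The function names and the certificate path are assumptions; the sample certificate is a constructed self-signed one.

```sh
#!/bin/sh
# Added example, not part of iml-certman. Function names and file paths are
# hypothetical; pass the path of the certificate you want to check.

# Print the DNS names from a certificate's subjectAltName, lowercased and sorted.
cert_sans() {
    openssl x509 -in "$1" -noout -text \
        | sed -n '/X509v3 Subject Alternative Name/{n;p;}' \
        | tr ',' '\n' | sed -n 's/^ *DNS://p' \
        | tr '[:upper:]' '[:lower:]' | sort -u
}

# sans_match CERT_FILE FQDN [ALIAS...]
# Returns 0 if the certificate covers exactly the requested names, 1 otherwise.
sans_match() {
    cert=$1; shift
    want=$(printf '%s\n' "$@" | tr '[:upper:]' '[:lower:]' | sort -u)
    have=$(cert_sans "$cert")
    if [ "$want" = "$have" ]; then return 0; fi
    echo "SAN mismatch in $cert" >&2
    echo "  requested: $(echo $want)" >&2
    echo "  in cert:   $(echo $have)" >&2
    return 1
}

# Build a constructed, self-signed sample certificate (demo input only).
# make_demo_cert OUT_DIR FQDN [ALIAS...]
make_demo_cert() {
    dir=$1; shift
    san=$(printf 'DNS:%s,' "$@"); san=${san%,}
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' \
        'prompt=no' '[dn]' "CN=$1" '[ext]' "subjectAltName=$san" > "$dir/demo.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/demo.cnf" \
        -keyout "$dir/demo.key" -out "$dir/demo.crt" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_cert "$tmp" www.example.com alt.example.com || return 1
    sans_match "$tmp/demo.crt" www.example.com alt.example.com \
        && echo "names unchanged"
    sans_match "$tmp/demo.crt" www.example.com alt.example.com new.example.com \
        || echo "alias list changed: add-or-renew would not notice"
    rm -rf "$tmp"
}
demo
```

An automation job can run `sans_match` before calling `cm.sh add-or-renew` and fail or alert when the alias list has changed.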